"This is a continuation of the multiplayer game tutorial series with Phaser in the client and Node.js in the server. In the first part:
- We successfully set up the developing environment.
- We connected the clients and the server with Socket.io and Express.js.
- We synced all client movements so that the server has one game state.
However, remember that our implementation is very naive because we’re sending our client position directly to the server, and we are broadcasting that position back to the rest of the connected players.
Why is this dangerous? Mainly because client side is easily manipulatable. Moreover, anyone can change javascript files, meaning that a hacker can easily manipulate their position in the game through changing our javascript file, which will harm the game experience of all the other players.
What’s a solution then? We can make our game “Server Authoritative”. This means that all the important data is stored and calculated in the server. We can make our game more secure by sending inputs to the server instead of the position. And then, we can calculate the new position of the player and broadcast it to other players. However, there is one problem. Note that we are using physics for following mouse pointers. It’s not as simple as pressing the arrow keys to move the player. This means that we need a physics system in the server as well!."